loader[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.rar
Size

1.1MB
MD5

3d3dbc19d3b34a3fd50117786be1eb2e
SHA1

3931e420c0da4aecb339b2f28e9c8607e9f7ebfc
SHA256

15290b5d1996d8cf8f7d41a182a8c416fa9b0d7e5577fc15e7a90bbee31694bc
SHA512

ecef61facd265b17ab8bf1fd5f4338559122da3435bab3490567f5bcb091b5081040b81e8682cd5ef9b86dd51d026cd1a620105d34151f9fc181efe8407c498a
SSDEEP

24576:KxCdCmbMaQOhxzfQNNrifEpYrV+jklEm9EgEVA+X8xokwHo:K9nOUxiffV+jZVAC8xqo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Primo .dev loader.exe

Files

loader.rar
.rar

Password: 1234
Primo .dev loader.exe
.exe windows:4 windows x86 arch:x86

Password: 1234

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 44KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 949KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE